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(57) Abstract 

A TDMA/TDD link adaptation method determines radio link quality at a base station. The radio link quality is used to update and 
broadcast a physical layer parameter indicator (10-16) from the base station on a broadcast control channel having a common physical 
layer parameter indicator for all uplink and downlink channels. 
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TECHNICAL FIELD 

The present invention relates generally to TDMA/TDD (Time Division 
Multiple Access / Time Division Duplex) radio communication systems, and 
especially to adaptation of the systems to prevailing radio conditions. 

BACKGROUND 



ETSl BRAN (Broadband Radio Access Network) is developing a short-range 
high data rate system, HIPERLAN Type 2 (also called H/2), mainly for indoor 
operation. Some outdoor scenarios are also considered (campus areas, 
downtown city areas). The target areas are offices, conference halls, 

15 exhibition fairs, airports and home environments. The spectrum is 

unlicensed and thus several "operators" may use the same spectrum. The 
interference environment may change during operation due to for example 
new operators in the vicinity of the own network and it is then very difficult 
to predict what type of interference the system shall be able to handle. The 

20 large difference in radio propagation, i.e. LOS (Line Of Sight) and NLOS (No 

Line Of Sight), and interference environments in which the system be must 
be able to operate, puts strong requirements on the system that it is able to 
adapt to its current situation. In this type of systems, one radio cell might be 
exposed to larger interference than, other radio cells. Just an adaptation per 

25 radio cell to handle this situation is referred to as "radio cell adaptation". 

Furthermore, the mobile terminals (MTs) associated with a certain base 
station (BS) may have different reception qualities in their uplink and 
downlink respectively. Hence, in this case each MT might want to use 
different transmission parameters, e.g. code rate (protection level) and 

30 modulation alphabet, to be able to adjust its reception quality in the uplink 

and downlink. This adaptation could be performed per MT or per its 
individual connections. In the latter case differing traffic and QoS (Quality of 



SDOCID: <WO 0022865A2 t > 



wo 00/22865 ^ PCT/SE99/01774 

Service) parameters have to be considered. For example, one MT could have 
a connection carrying video using a powerful FEC (Forward Error Correction) 
code, whereas a connection for file transfer uses a less strong FEC but with 
ARQ (Automatic ReQuest for retransmission) capabilities. 

5 

Typical reception quality measures are: 

retransmission rate (PER, Packet Error Rate), 
delay spread (time dispersion), 
10 received signal strength (RSSI), 

Signal-to-Interference Ratio (SIR) 
Bit Error Rate (BER) 



15 



Combinations of these performance measures and others are also possible. 

Usually link adaptation is divided into two groups: net rate adaptation and 
gross rate adaptation. 



Net rate adaptation means that the incoming data rate is adjusted to fit into 
20 the assigned capacity so that the system can handle a certain link quality, 

i.e. the user has a fixed assigned capacity over the air, and if the radio 
quality is poor the incoming data rate is reduced and a more robust 
transmission mode is used. In case of a good connection a higher incoming 
data rate can be used. 

25 

In gross rate adaptation the incoming data rate is "fixed"*, i.e. the radio 
system does not change its incoming traffic due to the radio conditions. 
Instead the radio system tries to sustain the incoming data rate and to 
counter the variations in link quality by assigning correspondingly varying 
30 capacity over the air interface. Thus, two MT with the same incoming data 

rate could have been assigned different capacity over the air interface based 
on their individual connection reception qualities. An extra function might be 
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needed in this case to guarantee fair utilisation of the total available 
capacity. 



Combination of net and gross rate adaptation is of course also possible. 

5 

The present situation with regard to adaptation to varying radio conditions 
in different radio communication standards may be summarised as follows: 

HIPERLAN/2: No proposal exists on a protocol that handles the ability to 
10 make radio cell adaptation and/ or link (per MT or per connection) 

adaptations. Still, the proposals on the physical layer allow different code 
rates and modulation alphabets (MPSK and MQAM signal constellations). 

GPRS: The system applies net rate link adaptation (selects channel coding) 
15 per mobile terminal, see [1]. For downlink traffic the MT request channel 

coding via ARQ-ACK/NACK messages through the uplink. The BS is using 
stolen bits (embedded in the burst structure of GSM) to set the channel code 
for the downlink. Hence, the MT first decodes these bits to obtain 
information on which channel decoding it shall use for the rest of the burst. 
20 In case unacknowledged mode is applied, the MT sends measurements 

reports to the BS including an estimation of the BER. This information can 
then be used by the BS to select channel coding foi- the downlink bursts. 

For the uplink traffic the BS commands the MT to use a certain channel 
25 coding. This information is transferred to the MT piggybacked on downlink 

dedicated control channels, e.g. piggybacked on ARQ-ACK/NACK messages. 

A drawback is that in GRPS it is not possible to change channel coding 
during retransmission phase. 

30 

EDGE, EGPRS: These two systems apply net rate link adaptation (select 
channel coding and modulation alphabet) per mobile terminal. No protocol 
exists yet. However, the structure and protocol is based on* the GPRS 
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Structure and a similar protocol will be utilised. Ektensive simulation studies 
have been performed on the system throughput and can be found in [2], 

The problem with changing channel coding during retransmissions is solved 
5 by doing re- segmentation. However, the frame structure used in these 

systems is not suited for a TDD system. 

DVB, DAB: Digital Video/ Audio groa^casting uses different code rates and 
modulation alphabets to be able to extend their coverage regions and to 

10 enable the possibility for an broadcaster to select suitable parameters so that 

both data and the ordinary program can be sent on the allocated bandwidth, 
see [3]. In the pure broadcast scenario no uplink signalling exists. Recently, 
an ACTS program called MEMO has been developed for individual services; 
the ordinary GSM network is used for the uplink signalling. In this case 

15 downlink link adaptation is possible. Still no protocol that enables this 

signalling exists. 



IEEE 802.11: A new physical layer standard is now developed for 5 GHz 
operation, see [4]. The standard is not fixed yet and the system will apply 
20 some sort of link adaptation. The proposed solution is assuming that the 

physical layer is totally independent from the IEEE 802.11 MAC layer. To 
enable this a convergence layer, called PHY PLCP {Physical Layer 
Convergence Protocol), is put in between, where primitives are used through 
SAPs (Service Access Point) to instruct the physical layer to react. 

25 

The selected link parameters are performed by the sending unit, i.e. in the 
downlink the BS selects the parameters and in the uplink the MT selects the 
parameters. Both BS and MT are making measurements before selecting 
PHY (PHYsical layer) parameters, e.g. RSSI measurements. 

30 

The access scheme is based on CSMA/CA (Carrier Sense Multiple Access 
with Collision Avoidance). This implies that one MAC frame (in IEEE 802.11 
this is equal to a MPDU (MAC Protocol Data Unit)) is transmitted between 
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two peer entities only, i.e. the MAC frame is only between a BS (centrally 
controlled system) and one MT, or the MAC frame is only between two MTs 
(Ad-hoc system). The duration of the MAC frame depends on the selected 
PHY parameter In case of a more robust PHY mode, the length of the PHY 
5 frame becomes longer due to higher FEC protection. 

This is a gross rate adaptation approach which is not able to consider QoS 
• and fairness between users, i.e. since the transmitting unit is selecting the 
PHY parameters (used capacity), a user may select a parameter 
10 corresponding to a robust PHY mode resulting in larger capacity utilisation 

even though it is not necessary. 

In the current version of the IEEE 802.11 proposal for 5 GHz, measurements 
needed for the selection of PHY parameters has to be performed by both the 
15 BSandtheMT. 



SUMMARY 



An object of the present invention is to provide a spectrum efficient radio 
20 link adaptation method and frame structure for a TDMA/TDD radio 

communication system.. 



This object is achieved in accordance with the attached claims. 

25 Briefly, the present invention uses the BCCH (Broadcast Control CHannel) to 

adapt the radio cell to prevailing radio conditions. This provides a very 
efficient method, since a common physical layer parameter indicator may be 
used for all radio links. An efficient and more flexible embodiment uses a 
common physical layer parameter indicator to adapt the uplinks of the radio 

30 cell, while the downlinks are individually adapted using physical layer 

parameter indicators in the ACH (Announcement & assignment CHannel). It 
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is also possible to let the BCCH indicate the physical layer parameters 
to be used for decoding of the ACH. 



BRIEF DESCRIPTION OF THE DRAWINGS 

5 

The invention, together with further objects and advantages thereof, may best 
be understood by making reference to the following description taken together 
with the accompanying drawings, ifi which; ^ ^ 

Fig. 1 is a diagram illustrating a basic frame structure of a TDMA/TDD 
10 radio communication system; 

Fig. 2 is a diagram illustrating an exemplary embodiment of a frame 
structure in accordance with the present invention suitable for a TDMA/TDD 
radio communication system; and 

Fig. 3 is a diagram illustrating another exemplary embodiment of a 
15 frame structure in accordance with the present invention suitable for a 

TDMA/TDD radio communication system. 

DETAILED DESCRIPTION 



20 The system in accordance with the present invention uses a TDMA/TDD 

(Time Division Multiple Access/Time Division Duplex) MAC (Media Access 
Control) frame structure (e.g. H/2 and IEEE 802.11). An example of such a 
frame structure is depicted in fig. 1. A centrally controlled MAC scheme is 
assumed, i.e. the BS assigns capacity to the MTs. The assignments could be 

25 different between two MAC frames, -i.e. one user might be assigned capacity 

in one MAC frame and in the next MAC frame this user will not be assigned 
any capacity. In case of ad-hoc operation, one MT could act as the central 
controller. In fig. 1 assigned capacity for one connection (downlink + uplink) 
has been indicated, while the dots represent assigned capacity for other 

30 connections. 
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The MAC frame starts with a Broadcast Control CHannel (BCCH) which 
contains information that is transmitted over the entire area that a BS 
covers (radio cell). The assignment of different MTs capacity is transmitted in 
the ACH (Announcement 8& assignment CHannel, sometimes referred to as 
5 resource grant channel or FCH (Frame Control cHannel)). The whole ACH is 

not necessarily transmitted over the whole radio cell. In case multi beam 
antennas are applied, the information that is only concerned to a certain 
Tc: - beam is then only transmitted over its corresponding coverage area. Pointers 
may be applied in the ACH so that a MT that is assigned capacity knows 
10 exactly when in the frame it is expected to receive and send data, i.e. in the 

"Assigned Capacity" regions. Random Access CHannels (RACH) might be 
located at the end of the frame. A MT may request for capacity in its 
assigned uplink capacity region or via one random access channel, 

15 The exemplary embodiments of frame structures in accordance with the 

present invention described below are applicable for both gross and net rate 
link/ radio cell adaptation. 

Fig. 2 is a diagram illustrating an exemplary embodiment of a frame 
20 structure in accordance with the present invention suitable for a TDMA/TDD 

radio communication system with centrally controlled assignment of 

. . T.- capacity. In this embodiment radio cell adaptation -parameters are only 

transmitted in the BCCH (or some other permanent or temporary "control 
channel" for broadcasting messages). This embodiment may assume that the 
25 BS has all information necessary to make a decision on a single PHY 

parameter setting (e.g. code rate, modulation alphabet, time slots/frame) 
without any interaction (no explicit uplink signalling) with the MTs). 
Statistics of the PER, delay spread, received signal strength, SIR and BER 
could for example be used in the selection procedure. The measurements 
30 could be performed on the traffic and control data PDUs (Protocol Data 

Units) that are received at the BS. The single PHY parameter setting (which 
is dynamically varying) could be used for some or all connections, as 
indicated by the dashed arrows 10, 12, 14 and 16 in fig. 2. ^ 
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One nice feature of this embodiment is that all PDUs of the same type will 
have the same size and the assignment of capacity resources becomes 
easier. 

5 

Since a common indicator is used for all links, it is appreciated that the 
embodiment in fig. 1 implements radio cell adaptation. 

Radio cell adaptation could also be performed on uplink only or downlink 
10 only. Furthermore, the broadcast message including the common PHY 

parameter indicator may also be broadcast in other "channels" than the 
BCCH, for example a dedicated PHY parameter channel. 

Fig. 3 is a diagram illustrating another exemplary embodiment of a frame 
15 structure in accordance with the present invention suitable for a TDMA/TDD 

radio communication system. In this embodiment a single PHY mode is used 
in the uplink for all MTs, as indicated by dashed arrows 10, 12. This is an 
efficient signalling mechanism in case all MT will have similar reception 
quality in the uplink. This could for example be accomplished if power 
20 control is applied in the uplink, i.e. the BS controls (decides) the MTs power 

level. However, in this embodiment the downlink is individually assigned via 
the ACH, as indicated by dashed arrows 18, 20 in fig. 3. 

The embodiment of fig. 3 implements a combination of radio cell and 
25 individual link adaptation, since all uplinks are adapted in the same way as 

in the embodiment of fig. 1, while downlinks are individually adapted. 

A combination of the embodiments of fig. 2 and 3 is also possible. In such a 
combination the BCCH (or some other permanent or temporary "control 
30 channel" for broadcasting messages) is used to broadcast an indicator of the 

physical layer parameters that should be used to decode the ACH. The 
physical layer parameters may be individual or common for several 
channels, ^ 
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In some cases it is not necessary for the MTs to update the BS so frequently. 
This could be in situations when the radio channel and the interference 
environment are rather static and do not change. To use the ARQ PDU for 
5 this signalling will then create unnecessary overhead. To reduce the amount 

of signalling, a special signalling message (control channel), in which the 
information is transferred, could be used. This is a special control channel 
. .that is separated from other channels. An initiaLnegotiation-eould take place 
between the MT and the BS on how often these messages should be 

10 transmitted. The BS could then, for example, assign uplink capacity to the 

MT on a regular basis. Such an embodiment creates a flexible solution. How 
the information is transmitted to the BS could also be negotiated, e.g. the 
approach to use the ARQ messages could of course be one way. Another 
approach is that all updates of the PHY mode are sent through the RACH. 

15 An alternative is to "piggyback" the information on one or several other 

messages, since this type of information may be represented by very few bits. 

It will be understood by those skilled in the art that various modifications 
and changes may be made to the present invention without departure from 
20 the scope thereof, which is defined by the appended claims. 
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CLAIMS 

1. A TDMA/TDD media access control frame structure, characterized by 
a broadcast message having a common dynamically updated physical layer 
parameter indicator for a plurality of channels. 

2. The control frame structure of claim 1, characterized by a broadcast 
- message having a common dynamically updated = physical layer parameter 

indicator for a plurality of uplink channels. 

3. The control frame structure of claim 1, characterized by a broadcast 
message having a common dynamically updated physical layer parameter 
indicator for a plurality of downlink channels. 

4. The control frame structure of claim 1, characterized by a broadcast 
message having a common dynamically updated physical layer parameter 
indicator for a plurality of uplink channels and a plurality of downlink 
channels. 

5. The control frame structure of any of the preceding claims, 
characterized by said broadcast message indicating the proper physical layer 
parameter thait is to be used by a" receiver to decode ari axihbuhcei^^^ 
assignment channel. 

6. The control frame structure of claim 2, characterized by an 
announcement and assignment chamnel having individual dynamically 
updated physical layer parameter indicators for downlink channels. 

7. The control frame structure of claim 5, characterized by said broadcast 
message indicating the proper physical layer parameter that is to be used by 
a receiver to decode an announcement and assignment channel. 
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8. The control frame structure of any of the preceding claims, 
characterized by said broadcast message belonging to a broadcast control 
channel. 

9. The control frame structure of any of the preceding claims, 
characterized by a separate control channel for occasional requests of 
physical layer parameter updates from mobile terminals. 

10. A TDMA/TDD link adaptation method, characterized by 
determining radio link quality at a central controller; and 

updating and broadcasting a message including a common physical 
layer parameter indicator for a plurality of channels from said central 
controller. 

11. The method of claim 10, characterized by said message including a 
common physical layer parameter indicator for a plurality of uplink 
channels. 

12. The method of claim 10, characterized by said message including a 
common physical layer parameter indicator for a plurality of downlink 
channels. 

13. The method of claim 10, characterized by said message including a 
common physical layer parameter indicator for a plurality of uplink channels 
and a plurality of downlink channels. 

14. The method of any of the preceding claims 10-13, characterized by 
said message indicating the proper physical layer parameter that is to be 
used by a receiver to decode an announcement and assignment channel. 

15. The method of claim 11, characterized by an announcement and 
assignment channel for individually and dynamically updating physical layer 
parameter indicators for downlink channels. ^ 
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16. The method of claim 15, characterized by said message indicating the 
proper physical layer parameter that is to be used by a receiver to decode an 
announcement and assignment channel. 

5 17. The method of any of the preceding claims 10-16, characterized by 

said message belonging to a broadcast control channel. 

: '— Tis^--- The method of any of the preceding claims 4 ©Ht 7,' characterized by a 
separate control channel for occasional requests of physical layer parameter 
10 updates from mobile terminals. 

19. The method of any of claims 10-18, characterized by said central 
controller being a base station. 



15 
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t ^''"'^ re^^ote control 

the preferred embodiment of the invention, a netwo J 
admmtratorornetworkmanagementsoftwa'ec^^^^^^^ 
a Shutdown record, includingan index or time stamp fo 
powenng down a specified network computer(s) Tr o 
o broadcast over the network, a secure ontwfy hash 

s7Z:r°'T °" reco "7h ?e 

no '^^ °"«-«'ay hash function is enco^pted using the 
network administrator's private key, thereby qeneraf 
a d,g,tal signature that can be verified by spSlv con^ 
gured network nodes. The digita, signaJS ^ 'p nt 
ed to the original shutdown record prior to broadcast^ 
he network. Upon receiving the broadcast messall 

Ss SST"'' valictetes the S: 

cast message by verifying the digital signature of the 

packet or frame. The validation prciess is pelrned^^^ 
decrypting the hash value representation of Tshu, 
down record using the network administrator s pS 
key. A one-way hash function is also performed on iho 
ong.a, shutdown record portion of tS:ZTjZ'. 
sage If the two values match, the broadcast messaoe 
.s determined lo be authentic and the shutdown conlo! 
code IS executed. The invention insures tha.The sC 
down con,mand was neither modified in transit nor orj 
mated from an unauthorized source. ^ 
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Description 



[00011 The invention relates to security in a computer 
network, and more particular^ to a secure method for 
communicating remote control commands in a distribut- 
ed computing environment. 

r0OO21 A majority of today's businesses utilize some 
form of computer network. As sen/ers and clients are 
deployed into more mission critical environments and 
used in more remote areas, the amount of human re- 
sources required to manage these computer networks 
is growing. Computer networks are often maintained by 
either a network administrator or ah Information Sys- 
tems (IS) department. Network administrators are often 
tasked with perfomiing such duties as data backups or 
software updates on network computers at times when 
network users will not be negatively impacted (e.g.. at 
night) These tasks are simplified somewhat by relative- 
ly new network management hardware and software 
thai allows remote access to network computers. To re- 
motely access network computers, however, requires 
that network users leave nrachines running or disable 
energy saving features. This requirement can conflict 
with efforts to reduce computer power consumption. 
[0003] In particular, the Environmental Protection 
Agency (EPA) has attempted, through the Energy Star 
Program, to reduce computer power consumption via 
the creation of so-called . rgceen" computers. The term 
•green computer" typically refers to a computer that en- 
ters low-power mode following a specified period of in- 
activity -The proliferation of green computers in net- 
works while laudable, can interfere with a netvrork ad- 
ministrator's duties. For example, if a network computer 
is in sleep mode (or other low power state) it often can- 
not be addressed f rom the network. 
[00041 Attempts have been made to alleviate this 
problem For example. Magic Packet™ technology, a 
proposed industry standard jointly developed by Ad- 
vanced IWIicro Devices and Hewlett-Packard Corpora- 
tion provides a mechanism whereby a network admin- 
istrator or network management software can "wake up 
or power down a network computer by sending if a spe- 
cial Ethernet frame. Briefly, the Ethernet frame includes 
a specific data pattern that can be detected by a spe- 
cially configured network interface controller incorporat- 
ed in a network computer. The network interface con- 
troller is capable of communicating with the network 
computer's power management hardware or software 
to power up or power down the network computer in re- 
sponse to a control code portion of the special Ethernet 

frame. , 
[0005] In addition to networking hardware and son- 
ware, today's businesses also invest large amounts of 
money developing information contained in data files 
such as text documents and spreadsheets. Protecting 
such investments can be critical to the success and rep- 
utation of a business. Public accounts of the exploits of 
computer "hackers' - as malicious code-breakers or 



eavesdroppers are sometimes called - have therefore 
tocussed and magnified corporate desires lor secure 
communications and better methods of protecting data. 
The scope of the problem is undoubtedly even more se- 
5 rious than reported, given the reluctance of many busi- 
nesses to publicize security breaches. As a result, com- 
puter manufacturers and network software developers 
are striving to incorporate security and integrity features 
into their products to restrict access to data contained 
10 on network hard drives, as well as infomiation contained 
in other critical network components. 
[0006] One known approach to security involves en- 
cryption or cryptography. Cryptography is typically used 

to protect both data and communications. Generally, an 
IS original message or data item is referred to as "plain 
text" while "encryptkjn" denotes the process of disguis- 
ing or altering a message in such a way that its sub- 
stance is not readily discemable. An encrypted mes- 
sage is sometimes called "ciphertext". Ciphertext is re- 
20 turned to plain text by an inverse operation referred to 
as "decryption". Encryption is typically accomplished 
through the use of a cryptographic algonthm. which is 
essentially a mathematical function. The most common 
cryptographic algorithms are key-based, where special 
25 knowledge of variable information called a "key" is re- 
quired to deciypt ciphertext. There are many types of 
key-based cryptographic algorithms, providing varying 
levels of security. 

[00071 The two most prevalent cryptographic. .alaQ- .„ 
30 rithms are generally referred to as ■symmetric" (also 
called secret key or single key algorithms) and public 
key- (also called asymmetric algorithms). The security 
in these algorithms is entered around the keys - not the 
details ofthe algorithm itself. This makes it possible to 
35 publish the algorithm for public scrutiny and then mass 
produce it for incorporation into security products. 
[0008] In symmetric algorithms, the encryption key 
and the decryption key are the same. This single key 
encryption arrangement is not without drawbacks. The 
40 sender and recipient of a message must somehow ex- 
change infomiation regarding the secret key Each side 
must trust the other not to disctose the key. Further, the 
sender must generally communicate the key via another 
media (similar to a bank sending the personal identifi- 
45 cation number for an AIM card through the mail)~This- 
arrangement can be impractical, for example, when the 
parties Interact electronically tor the first time over a net- 
work. The number of keys also increases rapidly as the 
number of users increases. 
50 [0009] With public key algorithms, by comparison, tr>e 

key used for encryption is different from the key used 
lor decryption. It is generally very difficult to cateulate 
the decryption key from an encryption key In typical op- 
eration, the "public key- used for encryption is made 
SB public via a readily accessible directory, while the cor- 
responding "private key" used for decryption is known 
only to the recipient ofthe ciphertext. In an exemplary 
public key transaction, a sender retrieves the recipient s 



2 



EP 0 898 216 A2 



pubhc key and uses it to encrypt the message prior to 
sending ,t. The recipient then decrypts the message with 
the corresponding private key. It is also possible to en- 
crypt a niessage using a private key and decrypt it usinq 

•n'LTm r ^^'^ used in digital signatures 

to authenticate the source of a message 

J^^ °' cryptographic algorithms is 

constantly growing. The two most popular are DES (Da- 
ta Encryption Standard) and RSA (named after its in- 
ver^tors - Rn,est, Shamir, and Adieman). DES is a sym- 
metric algorithm with a fixed key length. RSA is a public 
key a gonthm that can be used for both encryption and 
digitel signatures. DSA (Digital. Signature Algorithm) is 
another popular public key algorithm that is only used 
for digital signatures. With any of these algorithms the 
relative difficulty of breaking an encrypted message by 
guessing a key with a brute force attack is proportional 
oihe length of the key For example, if the key bifs 
ong (5 Characters), the total number of possible keys 
(2^V about llObillion. Given the computational power 
of modem computers, this value is often considered in- 
adequate. By comparison, a key length of 56 bits (7 
characters) provides 65,636 times as many possib e 
values as the 40 bit key 

S!!1!J r"*'^"" ""'^ key-based algorithms is 
speed. Public key algorithms, in particular, are typically 

ontheorderofl.OOOtimesslowerthansymmetr^algo. 
nthms. Even symmetric algorithms can be slow when 
compared with so-called "one-way functions" or "one- 
way hash functions". 

i^JfL ^" ''^^^'one-way hash function, denot- 
ed H(M), operates on an arbitrary-length bkxk oftext or 
iT!^f "^^^ ^^^^ '""ction returns a fixed- 

length hash value, h, such that h =: H(M). where h is 
oflength m. One-way hash functions have special char- 
acteristics that make them one-way Given M. for exam- 
ple, it is easy to compute h. Given h. it is impossible to 

hZI^H "T'"^ ^"^^^^ ^"^ «»'"P"'e M such that 
.In L^ u • " '""possible to find another mes- 

waf hJlhr ''^'^^ = one- 
ulu! ^ ^ •fi'^gerprint" of M that is 

unique, and is therefore useful for purposes of authen- 
ticating the source of a message. 
[0013] BriefV, a computer system according to the 
present invention providers a s^ure method for commu- 
nicating remote control commands in a distributed com- 
puting environment. A potential problem with providing 
remote control capabilities in a computer network is that 
unauthorized users may broadcast shutdown or wake 
up commands to network nodes in an undesirable man- 
ner. A system according to the present Invention ad- 
dresses this concern. 

[0014] According to the invention, a network adminis- 
trator or network management software creates a shut- 
down (or other control command) record including an 
index ortime stamp with the date and time on which the 
shutdown record was created. A secure one-way hash 
function IS then performed on the shutdown record The 



result of the one-way hash function is encrypted using 
the network administrator's private key thereby gener 

be verifS'h ' ^--^ 
strator s pub ic key The digital signature is appended 
to the orignal shutdown recoixJ prior to broadcast to the 

iddl!lo^°."T'"^ °' ^ '^^'^d'^s' "-essage 

addressed to it, a network computer according to the 

S "".if T '° '^"^'^ "^^-^-s' -esLge y 
verging the digital signature of the packet or frame In 

hedisclosed embodiment, the validation process isper-... 
formed by deciypting the hash value representation of 
the shutdown record using the network administmtor's 
key A one-way hash function is also perfom,ed 
on the original shutdown record portion of the received 
message. If the two hash values match, the broadcast 
message is detemilned to be authentic and the shut- 
down control code is executed. 
20 [0016] Thepresent invention thereby proteclsandau- 
thenticates remote control commands transmitted via 
corporate networks, intranets and LANs. Unauthorized 
users and malicious software are prevented from tum- 
ing off (or waking up) network computers orperfomiing 
other unauthorized functions such as malickjus altera 
ion of ROM code. For machines in which it is desirable 

Pteted that the public key ofthe network -administrator 
30 in " nl!"'''^'"'' '"'^^ «P^*fi«d machine is 

nn?^ °' '^^'^'=''"9 ^ '^'o^'^cast message 
tDOI T] A better understanding ofthe present invention 
ran be Ob ained when the foltowing detailed description 
of the preferred embodiment is considered in conjunc- 
tion with the following drawings, in which. 

Figure 1 is a schematic block diagram ofa network 
computer system incorporating networking capabil- 
ities in accordance with the present invention- 

40 ^ '? ^ "'^"^ ^'^Si-am Of an exem- 

plaiy local area network capable of secure remote 
control communications according to the present in- 

vention; 

Figure 3 is a flowchart diagram illustrating genera- 
tion Of a secure network broadcast message in ac- 
cordance with the present invention- and 
Figure 4 is a flowchart diagram illustrating the re- 
ceipt and validatton of a secure network broadcast 
message in accordance with the present invention. 

«o [0018] The following patents and applications are ref- 
erenced below: 



55 



Commonly owned U.S. Patent Application Serial 
No. 08/766.721. entitled "A METHOD AND APPA- 
RATUS FOR ALLOWING ACCESS TO SECURED 
COMPUTER RESOURCES BY UTILIZING A 
PASSWORD AND EXTERNAL ENCRYPTION AL- 
GORITHM", filed on December 13 iggfe- 
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A COMPUTER NETWORK": and 
Cornmonly owned U.S. Patent Application Senal 
Mn 08/777 615 entitled -METHOD FOR SECURE- 
^ySIng'storing and using ENCRYP- 

TON KEYS IN A COMPUTER SYSTEM", filed on 
December 31, 1996. 



[00191 Relerring first to Figure 1 , a network computer 
i~ em incorporaSng networking capabilities .n aa:ord- 
ance wrth the present invention is shown. In the pre- 
fer'^ embodiment; the network corinputer S .ncorpo- 
aestwoprima,ybuses:aPeripheral component inte^ 

connect (PCI) bus P which includes an address^data 
portl and a control signal portion; and an Industn. 
SnTard Architecture (ISA) bus I which includes an ad- 
d ess portton, a data portion, and a control signal por- 
Son The PCl and ISAbuses P and 1 form the arch«ec- 
tural backbone ol the network computer S 
i A CPU/memory subsystem 100 .s connected 
~he PCI bus P The processor 102 is preferably the 
Pelo^ or Pentium II® processor from Intel Corp^- 
tion. or any number of similar or next-generat.on proc^ 
essors. The processor 102 drives f t^;^ ^^^d^^f • ^"J 
control portions 116, 106, and 108 of a host bus HE. A 
Jeve 2 (L2) or external cache memory 1 04 .s connected 
to the host bus HB to provide additional caching capa- 
bilities that improve the overall perfomiance of the ne - 
workcomputerS.The L2 cache 104 may be permaner^t- 

TyttaJor may be ---able i^esired « 

I 9 cache 104 may be embodied wrthin the 102. A 
cach^and memory cc^,troller 110 and a PCI-ISAbridge 
ch? S^are connected to the control and addr^ por^ 
Hons 108 and 106 ofthe host bus HB. The cache and 
rmory controller chipllOis configured to controlase- 

ries of data buffers 112. The data buffers 112 are pref^ 
r^V^e 82433LX from Intel, andare coupled to and 

Tve the host data bus 1 16 and a MD or memo,, data 
bus 118 that is connected to a memory array 114. A 
Memory address and memory control sigrjal bus is pro- 
vided from the cache and memory controller 110. 
ro021l The data buffers 112, cache and memory con- 
roller IIOV and PCl-ISAbndgel 30 are all connected to 

the PCI bus R The PCI-ISAbridge 1 30 is used to convert 
signals between the PCI bus P and the ISA bus I The 
PCl-ISA bridge 130 includes: the necessary address 
LdSrabuNers,arbitraUonandbusmastercontroH<^.c 

lor the PCI bus P, ISA arbitration circuitry, an ISA bus 
controllerasconven,ionaIVusedinlSAsystems_anDE 

(intelligent drive electronics) interface, and a DI^A con 
roller. A hard disk drive 140 is connected to the IDE 
interface otthe PCl-lSA bridge 130. Tape drives CD" 
ROM devices or other peripheral storage devices (not 
shown) can be similarly connected. 
[00221 in the disclosed embodiment, the POi-ii.A 
bridae 130 also includes miscellaneous system logK^ 
This miscellaneous system logic contains counters and 



activity timers as conventionally present n persor^l 
computer systems, an interrupt controller for both the 
PCI and ISA buses P and 1, and power management 
logic Additionally, the miscellaneous system logic pref- 
5 erably includes circuitry for a security management sys- 
tem used for password verification and to al^vv a«=ess 
to protected resources. For example, the PCl-lSA 
bridge 130 ofthe disclosed embodiment includes vari- 
ous address decode togic and security logic to control 
,0 aSess to an internal or external CMOS/NVRAM mem^ 
cry (not shown) and stored password va'^es. |J« 
CMOS/NVRAM memory is coupled to the PCl-lbA 
bridge 130 via a standard |2C bus (also not shown). 
[00231 The PCl-lSA bridge 1 30 also includes circuitry 
,5 o generate a firmware initiated SMI (Syste-n Manage- 
ment interrupt), as well as SMI and '^ey'^;f^°"^°"^; 
interface circuitry. The miscellaneous system logic is 
S^nected to the flash ROM 1 54 through write prote - 
tion look: 164. Separate enable/interrupt signals are al- 
20 rJoLunicated'from the PCl-lSA bridge 130 to the 
hard drive 1 40. Preferably, the PCl-lSA brrige 130 is a 
single integratedcircuH, but other combinations arepos- 

[51^4] A series of ISA slots 1 34 are connected to the 
2S SA bus I to receive ISA adapter ««'ds. A series o PCI 
stots 142 are similarly provided on the PCI bus P to re- 
ceive PCI adapter cards. 

[00251 A video controller 1 65 is also connected to the 
PCI bus P Video memory 166 is used.tostpre graphics 
30 data and is connected to the video graphics c<^troiler 
165 and a digital/analog converter (RAMDAC) 168. I ne 
vWeo graphics controller 165 controls the operation of 
the video memory 166, allowing data to be wrrtten and 
retrieved as required. A monitor connector 169 is con- 
as nected to the RAMDAC 168 for connecting a monitor 

TOMBl Acombinattonl/Ochip136isconnectedtothe 
SA bus 1. The combination I/O chip 136 preferably in- 
cludes a real time ctock, two UAF^S, and a f^py disk 
40 controller for controlling a floppy ^'sk drive 138 _ Add, 
tionally, a control line is provided to the read and wrrte 
protection logic 164tofurthercontrol access tothe flash 

ROM 154 Serial port connectors 145 and parallel port 
connector (not shown) are also connected to the com- 

45 bination I/O Chip 136. ' rz^C^^^' 

[00271 An 8042, or keyboard controller, is also includ- 
ed in the combination I/O chip 136. The keyboard con- 
troller is of conventional design and is connected in turn 
to a keyboard connector 158 and a mouse or poinUng 
so device connector 160. A keyboard 159 is connected to 
the network computer S through the keyboard connec- 

[00281 A buffer 144 is connected to the ISA bus I to 
provide an additional X-bus X for various additions^ 
55 components ofthe network computer S. A flash ROM 
154 receives its control, address and data signals from 
theX-bus X. Preferably, the flash ROM 1 54 contains the 
BIOS information for the computer system and can be 
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remotely reprogrammed to allow for revisions of the BI- 
OS. 

[0029] In the disclosed embodiment, the network 
computer S contains circuitry for communicating with a 
removable cryptographic token 1 88. The token can take 
many forms, such as a Touch Memory™ device sup- 
plied by Dallas Semiconductor, Inc., a smart card, or an 
encryption card. The token 188 is easily decoupled from 
the network computer S and easily transportable by the 
token bearer The token 188 preferably contains at least 
one of a variety of encryption algorithnns (such as DES, 
Bbwfish, elliptic curve-based algorithms, etc.). Al- 
though the base algorithm can be the same in each to- 
ken 188, it isdesirablethatthe'encryptidri key be diffe^^^ 
ent in each token 188. Ideally, the token 188 is capable 
of communicating digitally with the network computer S 
during momentary contact with or proximity to the net- 
work computer S. The token 188 of the disclosed em- 
bodiment is capable of storing the encryption algorithm 
in a non-volatile manner and can be permanently write- 
protected to discourage tampering. Use of such tokens 
is further described in the previously incorporated patent 
application entitled "A METHOD AND APPARATUS 
FOR ALLOWING ACCESS TO SECURED COMPU- 
TER RESOURCES BY UTILIZING A PASSWORD AND 
AN EXTERNAL ENCRYPTION ALGORITHM". 
[0030] In the disclosed embodiment of the invention, 
the circuitry used for establishing a communication link 
between the token 1 88 and the netvyo/k^computetS^ppn-., 
sists of a probe 186 connected to a COM or serial port 
adapter 184. The port adapter 184 is connected to the 
RS232 connector 1 46. In operation, the token 1 88 is de- 
tachably received by the probe 186. The probe 186 in- 
cludes circuitry for reading and writing memory in the 
token 1 88, and can be fully powered through the RS232 
connector 146. In addition, the probe 1 86 includes pres- 
ence detector circuitry for ascertaining the presence of 
a token 188. 

[0031] A network interface controller (NIC) 122 incbf=" 
porating remote control capabilities, such as those de- 
scribed more fully below, is also connected to the PCI 
bus P, allowing the network computer S to function as a 
"node" on a network. Preferably, the network interface 
controller 1 22 is a single integrated circuit that includes 
the capabilities necessary to act-as-a PGi bus -master 
and slave, as well as circuitry required to act as an Ether- 
net interface. Attachment Unit Interface (AUI) and 10 
base-T connectors (not shown) are provided in the sys- 
tem S, and are connected to the NIC 122 via filter and 
transformer circuitry. This circuitry forms a network or 
Ethernet connection for connecting the network compu- 
ter S to a distributed computer environment or local area 
network (LAN) as shown in Figure 2. The network inter- 
face controller 1 22 can be located on the motherboard 
and connected to a network via an RJ-45 connector (not 
shown). This configuration is becoming more popular as 
Ethernet gains widespread acceptance for desktop net- 
working. - 



[0032] Most of today's personal computers also incor- 
porate some fomn ofadvanced power management 
hardware/software 180 (such as Compaq Power Man- 
agement Software) for controlling power distribution 
5 from a power supply 182. The power management hard- 
ware/software 180 typically allows the network compu- 
ter S to be placed in any one of a number of different 
power down states, from merely reducing processor 
clock speed to powering down everything except the 

10 network interface controller 122. In a typical computer 
system S. the power management hardware/software 
180 scans for any one of several events that serve to 
wake up the system. Such events may include keyboard 
159 keystrokes or mouse movement. A Magic Packet™ 

^5 indication signal can easily be included among the spec- 
ified wake-up or power down events. 
[0033] The network interface controller 122 is sup- 
plied with power by an auxiliary portion of power source 
182 and is capable of communicating with a network 

20 (see Figure 2). Further, with the Magic Packet™ mode 
(discussed more fully below) enabled, the network in- 
terface controller 1 22 is capable of alerting the network 
computer's S power management hardware/software 
180 following receipt of a valid Magic Packet™ frame. 

25 Conversely, the computer's power management hard- 
ware/software 1 80 is able to place the network intertace 
controller 122 into Magic Packet™ mode prior to the 
computer system S entering a low power state. This can 

_ . be accomplished, for example, by either setting a bit in 

30 an internal register or by driving a specified pin to a spec- 
ified state. Once in Magic Packet™ mode, the network 
interface controller 1 22 no longer transmits frames, and 
scans all incoming frames addressed to it for a specific 
data sequence indicating that the frame is a Magic Pack- 

35 et™ frame. The Magic Packet™ frame must comply with 
the basic requirements of the chosen LAN technology, 
such as source address, destination address, and CRC. 
[0034] The precise nature ofthe remote control net- 
working 'mechanism is not considered critical to the in- 

40 vention and can take many forms, even within the con- 
fines of the Magic Packet™ standard. Most network in- 
terface controllers 122 already incorporate address 
matching circuitry to recognize regular frames address 
to the node. This circuitry can generally be adapted for 

45 use With the Magic Packet™ standard. Countercircurtry, 
in particular, may need to be added to the address 
matching circuitry. 

[0035] It is noted that Figure 1 presents an exemplary 
embodiment of the network computer S and it is under- 
50 stood that numerous other effective embodiments ca- 
pable of operation in accordance with the present inven- 
tion could readily be developed as known to those 
skilled in the art. 

[0036] Referring now to Fig. 2, an exemplary distrib- 
55 uted access environment capable of secure remote con- 
trol communications according to the present is shown. 
The disclosed network 200 includes a network adminis- 
> . arator computer 202 and a plurality of network comput- 
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ers S, depicted as network computers 204, 206 and 208. 
A network interface controller 214 ofthe network admin- 
istrator computer 202 communicates with a network in- 
terface controller 1 22 in each ofthe network computers 
S. Components ofthe network 200 are coupled via a net- 
work connection 208. Although Magic Packet™ or sim- 
ilar technobgy is not limited to anyone particular type 
of network connection 208. a 10BASE-T. 100-BASE-T 
or similar connection 208 is preferred. 
[0037] As described more fully in conjunction with Fig- 
ure 3. when the network administrator desires to shut 
down or activate a particular network computer 204, 
206. or 208, a shutdown record 210 is generated. Prior 
to communication over the network, a digital signature 
of the shutdown record is generated (at element 212). 
The digital signature is created by first performing a one- 
way hash function on the shutdown record, followed by 
encrypting the resulting value with the network admin- 
istrator's private key. The digital signature is then ap- 
pended to the shutdown record prior to broadcasting 
over the network via network interface controller 214. 
[0038] The encryption algorithms utilized in element 
212 can take many forms, including all ofthe aforemen- 
tioned algorithms. The encryption processes are prefer- 
ably carried out in secure memory that is not readable 
or writeable and cannot be "sniffed" by surreptitious pro- 
grams or viruses having the ability to monitor and inter- 
cept processes running in normal memory. Such a mem- 
ory configuration is discbsed, for example, in "METHOD 
FOR SECURELY CREATING. STORING AND USING 
. ENCRYPTION KEYS IN A COMPUTER SYSTEM." pre- 
viously incorporated by reference. It is also contemplat- 
ed that the shutdown record itself could be similarly en- 
crypted prior to broadcast over the network 200. 
[0039] The network administrator computer 202 pref- 
erably includes network management software such as 
Compaq Insight Manager. Such software solutions al- 
low an administrator to control and interrogate multiple 
network computers-S and download software^(e-:gr; up- 
dated ROM code) to network computers S while they 
are fully powered. The network management software 
may incorporate server- or client-based management 
data collection "agents' and allow network administra- 
tors to remotely track and update network node config- 
urations throughout a network 200. - - 

REMOTE CONTROL CAPABILITIES 

[0040] In a system implemented according to the 
Magic Packet™ specification, a method is provided 
whereby a network administrator or network manage- 
ment software can remotely activate a sleeping network 
computer S. On the receiving side of the network 200, 
this is accomplished by enabling power to the network 
interface controller 1 22 of a particular network computer 
S even while the network computer S is in a low power 
state. The network interface controller 122 monitors the 
network 200 for a specific Ethernet ^frame. Each ma- 



chine on the network is identified by a unique address. 
In the special Ethemet frame, the targeted network com- 
puter's S unique address is repeated sixteen times in a 
row anywhere within the data field ot a valid network 
5 frame, serving as a wake-up call. This special frame is 
referred to as a Magic Packet™ frame. 
[0041] As noted, the computer system S also includes 
power management hardware/software 180 that func- 
tions to apply power to the network interface controller 
10 122 when Magic Packet™ mode is enabled. This proc- 
ess can be accomplished through BIOS or other soft- 
ware that is generally aware of the state of the system 
and capable of setting a bit in the network interface con- 
troller 1 22 to enable Magic Packet™ mode. Alternative- 
's ly, a network operating system driver configured to mon- 
itor Advanced Power Management (APM) calls could be 
utilized to enable and disable Magic Packet™ mode. 
[0042] Through the specialized hardware/software, 
the network interface controller 122 is also capable of 
signalling the power management hardware/software 
180 to enable power to the network computer S follow- 
ing receipt of a valid Magic Packet™ frame. This signal 
can be considered analogous to a wake -up event such 
as a keyboard keystroke or mouse movement. In a con- 
templated embodiment of the invention, ROM POST 
code functions to boot the computer system S and return 
the network interface controller to a normal operating 
mode following receipt of a wake-up event. 
[0043] A Magic Packet™ frame for use with the dis- 
closed embodiment includes sixteen duplications of the 
address of a particular network computer S, with no 
breaks or interruptions. The address sequence can be 
located anywhere within the Magic Packet™ frame, but 
is proceeded by a synchronization stream that simplifies 
the scanning state machine ofthe network interface con- 
troller 122. The synchronization frame is defined as six 
bytes of "FFhV Preferably, the network interface control- 
ler 122 also accepts routed or MULTICAST frames in- 
eluding the sixteen duplications of the address matching 
the address of the targeted network computer S. 
[0044] As an example, assume the address for a par- 
ticular node on the network is44h 55h 66h 77h 88h 99h. 
In this situation, the network interface controller 122 oft- 
hat node scans for the following data sequence in an 
Ethemet frame: ^ , 

[0045] DESTINATION SOURCE MISC FF FF FF FF 
FF FF 44 55 66 77 88 99 44 55 66 77 88 99 44 55 66 
77 88 99 44 55 66 77 88 99 44 55 66 77 88 99 44 55 66 
77 88 99 44 55 66 77 88 99 44 55 66 77 88 99 44 55 66 
77 88 99 44 55 66 77 88 99 44 55 66 77 88 99 44 55 66 
77 88 99 44 55 66 77 88 99 44 55 66 77 88 99 44 55 66 
77 88 99 44 55 66 77 88 99 MISC CRC. 
[0046] Referring now to Figure 3 a flowchart diagram 
illustrating generation of a secure network broadcast 
message in accordance with the present invention is 
shown. Following commencement of the procedure in 
step 300. control proceeds to step 302 where the net- 
-,,WQrk administrator or network management software 
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creates a shutdown record lor one or more network 
computers S. When implemented using the Magic Pack- 
et^" technology, the shutdown message includes the 
aforementioned specific data sequence addressing the 
desired network computers S and indicates to the net- s 
work interface controllers 122 of these nodes that a 
Magic Packet^" frame is being broadcast. The shut- 
down record also includes a control code directing the 
desired network nodes to enter a low power state. Also 
included is a secure index (e.g., a time stamp indicating io 
the date and time on which the shutdown record is cre- 
ated). 

[0047] Control next proceeds to step 304 and a se- 
cure one-way hash function is performed on ttieTshat- 
down record, resulting in a hash code representation of is 
the record. In practice, public key algorithms, although 
capable, are often inefficient when used to sign long 
documents. In the preferred embodiment ofthe Inven- 
tion, this problem is addressed by generating a one-way 
hash oflhe shutdown record prior to encryption with the 20 
network administrator's public key. The hash value is 
commonly limited to a predetermined length. 
[0048] Preferably, the one-way hash function is per- 
formed in a secure manner resistant to snooping or at- 
tack by malicious code. Contemplated methods for ac- 2S 
complishing the secure one-way hash function include 
those illustrated in the previously incorporated referenc- 
es entitled: "SECURE TWO-PIECE USER AUTHENTI- 
CATION IN A COMPUTER NETWORK" and "METHOD .. 
FOR SECURELY CREATING, STORING' AhJD USING' Io 
ENCRYPTION KEYS IN A COMPUTER SYSTEM". 
[0049] Following completion of step 304, control next 
proceeds to step 306 and the secure hash code repre- 
sentation ofthe shutdown record is encrypted utilizing 
the network administrator's private key. Again, the en- 35 
cryption process is preferably performed in a secure 
manner. In essence, step 306 produces a digital signa- 
ture ofthe shutdown record that is then appended to the 
original shutdown record in step 308. Control proceeds - 
to step 310 and the encrypted hash of the shutdown 40 
record, in addition to the original shutdown record, is 
broadcast to a computer network such as that depicted 
in Figure 2. Control then proceeds to optional step 312 
and the network computers' S responses to the broad- 
cast message are recorded. , . . -.w,.;..^.:--. .^J^ 

[0050]^ Referring now to Figure 4. a flow chart diagram 
is provided illustrating the receipt and validation of the 
secure network broadcast message in accordance with 
the preferred embodiment. of the present invention. This 
procedure is typically used to verify that the broadcast 
message was neither modified in transit nor originated 
from an unauthorized source. Following commence- 
ment oflhe procedure in step 400, control proceeds to 
step 402 where the network interface controller 122 of 
the network computer S detects and scans all broadcast ss 
messages (or incoming frames). 
[0051] Following detection of a broadcast message, 
control proceeds to step 404 where the network inter- ... 



face controller 1 22 examines the broadcast message for 
a specific data sequence, indicating that the message 
contains a Magic Packet™ frame. The broadcast mes- 
sage is also examined to determine if it is addressed to 
the receiving network computer S. If not, control loops 
to step 406 and the network interface controller 122 
awaits the next broadcast message. 
[0052] If the receiving network computer S deter- 
mines that the broadcast message is directed to it as 
detemnined in step 404, control proceeds to step 408 
where the digital signature or encrypted hash portion of 
the received message is decrypted using the adminis- 
trator's public key. Control next proceeds to step 410 
where the network interface controller 1 22 or other sys- 
tem component performs a one-way hash function on 
the shutdown record portion ofthe received message. 
The decrypted hash of step 408 and the hash function 
result of step 410 are then compared in step 412. If the 
two hash values do not nnatch, the broadcast message 
fails the verification process and control is retumed lo 
step 406 to await the next broadcast message. If the 
broadcast message is validated as secure in step 412, 
control proceeds to step 41 4 and the receiving network 
computer S broadcasts an optional acknowledgement 
message. Control proceeds to step 416 and the shut- 
down control code of the broadcast message is execut- 
ed by the receiving network computer S. which either 
enters a low power state, awakens, or performs some 
other predetermined function. The verification process 
is ended step in 41 8. 

[0053] For machines in which it is desirable to disable 
remote control functionality, it is contemplated that the 
public key ofthe network administrator can be invalidat- 
ed such that the specified machine is incapable of de- 
tecting a valid broadcast message. This may be desir- 
able for use with network components containing critical 
or highly sensitive information. 
[0054] Thus, a method has been described for provid- 
ing secure remote control commands in a distributing 
computer environment. In the preferred embodiment 
ofthe invention, the network administrator or network 
management software creates a shutdown record, in- 
cluding an index or time stamp, for powering down a 
specified network computer (s). Prior to broadcast over 
the network, a secure one-way hash function is .per- 
formed on the shutdown record. The result ofthe one- 
way hash function is encrypted using the network ad- 
ministrator's private key, thereby generating a digital 
signature that can be verified by specially configured 
network nodes. The digital signature is appended to the 
original shutdown record prior to broadcast to the net- 
work. Upon receiving the broadcast message, the tar- 
geted network computer validates the broadcast mes- 
sage by verifying the digital signature of the packet or 
frame. The shutdown record or other command code is 
only executed following authentication of the broadcast 
message. 
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Claims 

1 . A method for securely broadcasting remote control 
commands in a computer network including at least 
one targeted network computer capable of respond- 
ing to remote control commands from a network ad- 
ministrator computer or other network computer, 
the method comprising the steps of; 

generating a remote control command; 
creating a digital signature of the remote control 
command; 

appending the digital signature to the remote 
control command to create a broadcast mes- 
sage; and 

communicating the broadcast message to at 
least one targeted network computer. 

2. The method of claim 1 , wherein the step of creating 
a digital signature of the remote control command 
comprises: 

performing a one-way hash function on the re- 
mote control command to generate a signature 
hash value; and 

encrypting the signature hash value with a pri- 
vate key. 

3. The method of claim 2, wherein the targeted net- 
work computer(s) further performs the steps of:' " 

decrypting the signature hash value portion 
ofthe broadcast message using a public key 
corresponding to the private key; 
performing a one-way hash function on the re- 
mote control command portion ofthe broadcast 
message to generate a verification hash value; 
and 

comparing the decrypted signature. hash value ^ 
with the verification hash value, 

4. The method of claim 3, wherein the targeted net- 
work computer(s) further performs the step of: 

executing the remote control command only 
if the signature hash value and the yerjficatipn hash 
value are identical. 

5. The method of claim 3, further comprising the step 
of invalidating the public key corresponding to the 
private key in at least one network computer such 
that predetermined remote control commands can- 
not be validated. 

6. The method of any of claims 1 to 5, wherein the tar- 
geted network computer(s) further performs the 
steps of: 

utilizing the digital signature to verify that the 



broadcast message is authorized; and 
executing the remote control command only if 
the broadcast message is authentic and au- 
thorized. 

5 

7. The method of any of claims 1 to 6, wherein the re- 
mote control command includes an index or time 
stamp. 

10 8. The method of any of claims 1 to 6. wherein the re- 
mote control command directs the targeted network 
computer to enter a low power state. 

. 9. The method of any of claims 1 to 6. wherein the re- 
?5 mote control command directs the targeted network 
computer to enter a fully powered state. 

10. The method of claim 2 on any claim when depend- 
ent thereon, wherein the private key is maintained 

20 in secure memory space. 

11. The method of any of claims 1 to 10, wherein the 
step of communicating the broadcast message to 
at least one targeted network computer is substan- 

25 tially compliant with the Magic Packet™ specif ica; 
tion. 

12. The method of any of claims 1to 11, wherein the 
digital signature is generated during a secure mode 

'30 "" of operation or in secure computer memory. 

13. A computer system configured to receive secure 
network communications, the secure network com- 
munications having a remote control command and 

35 a digital signature, the computer system compris- 
ing: 

a system bus; 

a.processor coupled to the system bus; 
power management hardware or software; and 
network interface circuitry coupled to the sys- 
tem bus and the power management hardware 
or software, the network interface circuitry con- 
figured to perform or direct the steps of: 

utilizing the digital signature to verify that 
the broadcast message Is authentic; and 
permitting the execution of the remote con- 
trol command only if the broadcast mes- 
sage is authentic, wherein the remote con- 
trol comnnand causes a change in state in 
the power management hardware or soft- 
ware. 

55 14. A computer system according to claim 13. further 
comprising: 

a mass storage device coupled to the system 

bus. 
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15. The computer system of claim 13 or claim 14, 
wherein the change in stale in the power manage- 
ment hardware or software causes the computer 
system to enter a low power mode. 

16. The computer system of claim 13 or claim 14, 
wherein the change in state in the power manage- 
ment hardware or software causes the computer 
system to become fully powered. 

17. The computer system of any of claims 13 to 16, 
wherein the digital signature comprises a hash code 

_ representation of the remote control command, the 
hash code representation encrypted with a private 
key, and wherein the step of utilizing the digital sig- 
nature to verity that the broadcast message is au- 
thentic comprises: 

decrypting the signature hash code represen- 
tation of the broadcast message using a public 
key corresponding to the private key; 
performing a one-way hash function on the re- 
mote control command portion of the broadcast 
message to generate a verification hash value; 
and 

comparing the decrypted hash code represen- 
tation of the broadcast message with the veri- 
fication hash value. 

18. The computer system of any of claims 13 to 17, 
wherein the network interface circuitry is further 
configured to substantially comply with the Magic 
Packet^'^ specification. 

19. The computer system of any ofclaims 1 3 to 1 8, fur- 
ther comprising a non-writeable secure memory 
space coupled to the processor, wherein the public 
key is maintained in the secure memory space. 



20. A computer system configured to broadcast secure 
computer network communications, the computer 
system comprising: 

a system bus; 

a processor coupled to the system bus; ' "■'-'4s 
a processor readable storage medium coupled 
to the system bus for directing the processor to 
perform the steps of: 

generating a remote control command; so 
creating a digital signature of the remote 
control command; and 
appending the digital signature to the re- 
mote control command to create a broad- 
cast message; ss 

network interface circuitry coupled to the sys- 
tem bus. the network-interface circuitry respon- 



sive to a command(s) from the processor to 
transmit the broadcast message to a computer 
network. 

5 21. A computer system according to claim 20. further 
comprising: 

a mass storage device coupled to the system 

bus. 
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22. The computer system of claim 20 or claim 21, 
wherein the step of creating a digital signature of 
the remote control command comprises the steps 

..,,,e!:- . 

performing a one-way hash function on the re- 
mote control command to generate a signature 
hash value; and 

encrypting the signature hash value with a pri- 
vate key 

23. The computer system of any of claims 20 to 22, 
wherein the broadcast message is substantially 
compliant with the Magic Packet^" specification. 

24. The computer system of any of claims 20 to 23, 
wherein the remote control command includes an 
index or time stamp. 

25. The computer system of any of claims 20 to 23, fur- 
ther comprising a secure memory space coupled to 
the processor, wherein the private key is maintained 
in the secure memory space. 
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